public function runConfigureRole(framework\Request $request) { try { $role = new entities\Role($request['role_id']); } catch (\Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This is not a valid role'))); } if ($role->isSystemRole()) { $access_level = $this->getAccessLevel($request['section'], 'core'); } else { $access_level = $this->getUser()->canManageProject($role->getProject()) ? framework\Settings::ACCESS_FULL : framework\Settings::ACCESS_READ; } switch ($request['mode']) { case 'list_permissions': return $this->renderComponent('configuration/rolepermissionslist', array('role' => $role)); break; case 'edit': if (!$access_level == framework\Settings::ACCESS_FULL) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('You do not have access to edit these permissions'))); } if ($request->isPost()) { $role->setName($request['name']); $role->save(); $new_permissions = array(); foreach ($request['permissions'] ?: array() as $new_permission) { $permission_details = explode(',', $new_permission); $new_permissions[$permission_details[2]] = array('module' => $permission_details[0], 'target_id' => $permission_details[1]); } $existing_permissions = array(); foreach ($role->getPermissions() as $existing_permission) { if (!array_key_exists($existing_permission->getPermission(), $new_permissions)) { $role->removePermission($existing_permission); } else { $existing_permissions[$existing_permission->getPermission()] = $new_permissions[$existing_permission->getPermission()]; unset($new_permissions[$existing_permission->getPermission()]); } } foreach ($new_permissions as $permission_key => $details) { $p = new entities\RolePermission(); $p->setModule($details['module']); $p->setPermission($permission_key); if ($details['target_id']) { $p->setTargetID($details['target_id']); } $role->addPermission($p); } foreach ($existing_permissions as $permission_key => $details) { $p = new entities\RolePermission(); $p->setModule($details['module']); $p->setPermission($permission_key); if ($details['target_id']) { $p->setTargetID($details['target_id']); } tables\Permissions::getTable()->addRolePermission($role, $p); } framework\Context::clearPermissionsCache(); framework\Context::cacheAllPermissions(); return $this->renderJSON(array('message' => $this->getI18n()->__('Permissions updated'), 'permissions_count' => count($request['permissions']), 'role_name' => $role->getName())); } return $this->renderComponent('configuration/rolepermissionsedit', array('role' => $role)); case 'delete': if (!$access_level == framework\Settings::ACCESS_FULL || !$request->isPost()) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This role cannot be removed'))); } $role->delete(); return $this->renderJSON(array('message' => $this->getI18n()->__('Role deleted'))); } }